Inner Life Memory

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local persistent-memory skill, with privacy considerations but no evidence of hidden collection, exfiltration, or unsafe execution.

Install this only if you want your agent to keep and reuse local memory across sessions. Periodically review memory/MEMORY.md, memory/questions.md, memory/drive.json, and memory/inner-state.json, and avoid storing highly sensitive material there unless that retention is intentional. Separately review inner-life-core before running its initialization script.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly instructs the agent to write to persistent memory files across sessions, including MEMORY.md, questions.md, drive.json, and inner-state.json, but it does not require user consent, confirmation, or even a warning before altering stored state. In an agent setting, silent persistence can create privacy, integrity, and surprise-modification risks because inferred or speculative content may be retained and later influence behavior without the user's awareness.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal